Thank you all for the clarifications.

This thread is 2 years old, and the OP never came back... If you have questions on how to best leverage pfsense in your environment I suggest you start your own thread detailing your network and any questions you have on how to best do some specific sort of thing your wanting to accomplish.

To your question of squid, squid is a proxy package that can be used to filter access based upon a url that someone might access.. Like blocking access to www.facebook.com or only allowing access to say www.kidsafedomain.tld

But to be honest, some of these sorts of features are more advanced than many users (without networking experience) understand and would come with a steep learning curve if not already up to speed. Asking what squid is - points to not having the basic skilsets that would make deployment of such features an easy solution.. You might be better suited with a more home "user" sort of device - there are many "home" friendly devices with interfaces designed for point and click control of what kids can access..

Maybe something of such a list of devices will be of help
https://www.fatherly.com/gear/best-parental-control-devices-routers/

Thanks! I wouldn't mind your feedback on findings of the watchdog/bypass configuration. One simply doesn't know, when he meets the 1% he needs it for :)

pfSense, or actually whatever OS you put on your device, can't stop the BIOS from booting.
The BIOS will even work with no disks or drives in your system.
The BIOS not running means hardware issues or .... true : no power.

You can block Windows Update with squid

SPAM you think. Ok, I'll delete the post, no problem.

@chrismurph

Sep 2 13:03:03 kernel code segment = base 0x0, limit 0xfffff, type 0x1b
Sep 2 13:03:03 kernel frame pointer = 0x28:0xfffffe024b676f70
Sep 2 13:03:03 kernel stack pointer = 0x28:0xfffffe024b676ef0
Sep 2 13:03:03 kernel instruction pointer = 0x20:0xffffffff80ea3ea5
Sep 2 13:03:03 kernel fault code = supervisor read data, page not present
Sep 2 13:03:03 kernel fault virtual address = 0x0
Sep 2 13:03:03 kernel cpuid = 2; apic id = 02
Sep 2 13:03:03 kernel Fatal trap 12: page fault while in kernel mode

Looks like faulty RAM for me ... IMHO
Maybe you can run a memtest at boot?

@beremonavabi Well it seems I have overlooked something. Indeed the Font Smoothing was not marked.

Thank you for those who took effort to read my post.

Thank you

And not sure how dev testing software in real would require domain admin

Our software is used exclusively in AD networks, so testing involves having servers that are part of the domain. When you're testing with virtual machines that are part of a domain and you roll back to a previous snapshot, the domain trust is broken and you have to remove and then re-add the server to the domain. Plus, our solution relies on Microsoft DFS Namespace support, and I don't want them playing around with that on our real domain. That's why they need domain admin for some things. I know that I could probably design something else but this is the way it's always been done since before my time, and I'm planning on redoing EVERYTHING this Fall when Server 2019 comes out, so I'd rather not make any changes to what we have that works now.

Mainly the split-DNS issue.

OK then, I'm not concerned. I literally have two NATs to worry about, so split DNS for those will take 2 seconds to create and will likely never update.

I think I will stick with the single forest-single domain model. Thanks again, guys.

Windows did a similar thing for me. Constant reboot+update loop. Turned out one of the Windows Features installed was incompatible with the update and I had to uninstall the feature first. I found this out by looking into the upgrade log and seeing why it failed. Luckily mine was on an NVME Samsung Pro SSD.

You prob not going to get much traction on such a question.. As stated you prob better off asking on dedicated android or openvpn forum for such a question.

Another spammer just hit this thread ;)

We should just prob ban the IN and PK... seems all that comes out of there is junk.

And we should prob just remove ALL of the accounts with zero posts to be honest. There is zero reason to have an account i your not going to post. There is no content here that requires you log in to see.. I have been watching the users as they get created... Lot of them are sneaky and just wan their whatever info listed.. And they don't even post anything. While signature and stuff helps... Just the username is used to try and up their google hits, etc.

And how would we know - you haven't given us details of your needs or budget.. Without that info then get the Pro version.

I Need Cloud VPN Guidance.

@derreckbercier said in Pfsense blocking Livestream:

i've been troubleshooting this, and part of the problem is since switching to pfsense it has given my other networks 1gb access to the niq, my old router only the main lan was at 1gb every other network was at 100mb. So something on my other network is hogging up all the bandwith on that switch and i'm trying to narrow it down. Thanks for everyone's help on this problem so far.

If you are uploading to a remote streaming host, but then your local LAN clients are simultaneously downloading the stream from that remote host over the same Internet connection, you can use it all up to the point the ACKs from the remote host do not make it back to your streamer PC in a reasonable time. So your streamer PC slows down and slows down and slows down trying to get the connection going. Uploading requires enough bandwidth on the download side for ACKs from the remote receiving end to get through. If you have tons of local users sucking up all the download bandwidth viewing the stream, then nothing is left for your uploading PC to receive its ACKs. Giving those "hungry" local LAN clients a gigabit pipe to suck from will exacerbate the problem. If they were all formerly sharing a 100 megabit pipe into the central switch, they could have been partially moderating each other so that the sum was not overwhelming to your uploading stream.

Don't know your situation precisely, but from your description it sounds like you were uploading to a remote host on the web that your local clients viewed from. Is that true, or do I have it wrong?

If I've correctly guessed your setup, then you can benefit from traffic shaping on pfSense that gives your uploading streamer PC priority bandwidth.